Electronic Notes in Theoretical Computer Science
Volume 197, Issue 1, 21 February 2008, Pages 59-72
Proceedings of the First International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM 2007)
 
doi:10.1016/j.entcs.2007.10.014
Copyright © 2008 Elsevier B.V. All rights reserved.

Remote Attestation on Legacy Operating Systems With Trusted Platform Modules¹

Dries Schellekensᵃ, Brecht Wyseurᵃ and Bart Preneelᵃ

ᵃ Katholieke Universiteit Leuven, Department ESAT/SCD-COSIC, Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium

Available online 20 February 2008.

Abstract

A lot of progress has been made to secure network communication, e.g., through the use of cryptographic algorithms. However, this offers only a partial solution as long as the communicating end points still suffer from security problems. A number of applications require remote verification of software executing on an untrusted platform. Trusted computing solutions propose to solve this problem through software and hardware changes, typically a secure operating system and the addition of a secure coprocessor, respectively. On the other hand, timed execution of code checksum calculations aims for a solution on legacy platforms, but cannot provide strong security assurance. We present a mixed solution that uses trusted computing hardware, namely the time stamping functionality of the trusted platform module, in combination with a timing-based remote code integrity verification mechanism. In this way, we do not require a secure operating system, but at the same time the overall security of the timed execution scheme can be improved.

Keywords: remote software authentication; attestation; trusted platform module; timed execution


¹ This work was supported in part by the Concerted Research Action (GOA) Ambiorics 2005/11 of the Flemish Government, by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy), in part by the European Commission through the IST Programme under Contract IST-027635 OPEN_TC and IST-021186 RE-TRUST, and in part by a Ph.D. grant of the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen).

